Payment Systems & Data Security Workgroup

From HTNG Connectivity Wiki


Workgroup Overview

The focus of this workgroup was to improve the standardized processing of payment card transactions, while lowering the risk of data theft from hotel systems by reducing or eliminating the storage of sensitive data in hospitality systems. The Data Proxy Specification allows many hotel systems to move “out of scope” of PCI requirements. In addition, its Payment Processing specification handled all basic lodging card transactions, and the specification was enhanced in October 2010 to support other verticals, EMV (Chip and PIN), and prepaid cards.

The initial effort focused on defining an approach, using secure data proxies, to remove sensitive information from most hotel systems and store it in a single, secure system. This resulted in a certifiable Data Proxy Specification V1.0, released in September 2009. The workgroup then turned its focus to defining standardized messages for payment processing (authorization, draft capture, voids, reversals, etc.) in a US-based payments environment. The V1.0 Payment Processing Specification was released as part of the 2010A cycle, along with an updated Data Proxy spec that offers a common data proxy format to reduce the need for customization of the data proxy format when connecting two systems.

Scope - Payment systems include, but are not limited to, those operated by merchants (typically point-of-sale devices and software), payment gateway processors, merchant bankcard processors, credit card associations, banks, and non-bank card issuers. They can also include systems operated by loyalty programs (for example, where loyalty points can be redeemed to purchase services or merchandise), or by gift card issuers, including hotel brands, individual hotels, and third parties. Because many hotel companies operate globally, and the issues vary significantly across world regions and specific countries, the scope of the workgroup is global. The workgroup may choose to focus on specific geographic areas or regional issues at various points of time, or in the context of regional teams or sub-groups.

Business benefits include:

  • Eliminates the need for storage of sensitive data in hospitality systems to reduce the risk of compromise
  • Assists with PCI compliance efforts by consolidating sensitive data storage in a secure vault
  • Boosts guest confidence by providing a secure and certifiable environment
  • Standardizes payment interfaces through a single, globally adoptable format
  • Potentially improves card association interchange qualifications for merchants and maximizes open-to-buy limits for guests, through broader industry adoption of standardized interfaces and best practices

Key Milestones

  • Produce a certifiable Data Proxy specification – completed September 2009
  • Produce a certifiable Payment Processing specification and update Data Proxy spec with standard tokenization format – completed April 2010
  • Update Payment Processing specification to include support for additional verticals (Restaurant, Retail, eCommerce), Partial Authorizations, and Authorizations with Balance Return and EMV – completed October 2010

Status

The workgroup is currently retired and thus is not meeting regularly.

Key Documents & Other Useful Information

Specifications

2010B
  • Technical Specification and Companion File - Payment Processing V2.0
    • Added support for additional verticals (Restaurant, Retail, eCommerce), Partial Authorizations and Authorizations with Balance Return (for use with Prepaid cards), and EMV
    • The link above also includes a companion file which contains XML Schema Definition (XSD) files and Web Service Description Language (WSDL) Files.
2010A
  • Technical Specification and Companion File - Payment Processing V1.0
    • The HTNG Payment Systems & Data Security 2010A Specifications - Payment Processing Specification v1.0 provides a specification for implementation of the HTNG open-standards solution for card based transactions (i.e. payments or authorizations) by Credit/Debit or other card types. This specification was developed by the Payment Systems & Data Security Workgroup to define how card data should flow securely between various systems used around the world that are dependent on or handle card data within a property (e.g. a Property Management System and a Payment Gateway) and work in harmony with other specifications also developed by HTNG groups.
    • The link above also includes a companion file which contains Sample XML Messages and Code Samples.
  • Technical Specification and Companion File - Data Proxy V1.1
    • Modifications were editorial in nature.
    • The link above also includes a companion file which contains XML Schema Definition (XSD) files and Web Service Description Language (WSDL) Files.
2009B
  • Technical Specification and Companion File - Data Proxy V1.0
    • Removes sensitive information from most hotel systems and stores it in a single, secure system, reducing the burden of PCI compliance for hotel companies
    • The link above also includes a companion file which contains XML Schema Definition (XSD) files, Web Service Description Language (WSDL) Files and Sample XML Messages.
General

Other
